https://bugzilla.redhat.com/show_bug.cgi?id=1860729 --- Comment #4 from Qiyu Yan <yanqiyu01@xxxxxxxxx> --- (In reply to Bob Hepple from comment #3) > Thanks for the review! > > From the upstream homepage: "wshowkeys must be configured as setuid during > installation. It requires root permissions to read input events. These > permissions are dropped after startup." I confirmed this by trying to run > without setuid. > > I have added '_hardened_build' as required. > > It appears to work fine with mode 4711 so I've adopted that. > > As for missing-call-to-setgroups-before-setuid I've not been able to silence > it. Okay, I just found some packages that was already in Fedora can trigger this error. Maybe we can continue anyway, but I think we should have another one try. > > I thought it might be related to > https://wiki.sei.cmu.edu/confluence/display/c/POS36-C. > +Observe+correct+revocation+order+while+relinquishing+privileges - but > upstream seems to have done it the right way - but that's related to > setgid() rather than setgroups(). I tried addin a call to setgid(0) before > setuid(0) but that does not silence rpmlint. > > I tried including a call to setgroups but I can't get the compiler to accept > it: > > #include <grp.h> > ... > if (setgroups(0, NULL) != -1) { > fprintf(stderr, "devmgr: failed to drop root\n"); > return 1; > } > > and the compiler error: > > ../devmgr.c: In function ‘devmgr_start’: > ../devmgr.c:161:6: error: implicit declaration of function ‘setgroups’; did > you mean ‘getgroups’? [-Werror=implicit-function-declaration] > 161 | if (setgroups(0, NULL) != -1) { > | ^~~~~~~~~ > | getgroups > > ... not sure how to progress that. Can you try to add #define _GNU_SOURCE before including the headers? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
